Since the definition of an application includes all assemblies associated with the application, you can use this type of identity to ensure that only assemblies associated with the application have access to the isolated storage.